Added policy flag to assert artifact server/#3740 (#550)

* Added policy flag to assert artifact server/#3740

Author: ToreMerkely

cmd/kosli/assertArtifact.go

@@ -46,6 +46,7 @@ type assertArtifactOptions struct {
 	fingerprint        string // This is calculated or provided by the user
 	flowName           string
 	envName            string
+	policyNames        []string
 	output             string
 }
 
@@ -78,6 +79,7 @@ func newAssertArtifactCmd(out io.Writer) *cobra.Command {
 	cmd.Flags().StringVarP(&o.flowName, "flow", "f", "", flowNameFlag)
 	cmd.Flags().StringVar(&o.envName, "environment", "", envNameFlag)
 	cmd.Flags().StringVarP(&o.output, "output", "o", "table", outputFlag)
+	cmd.Flags().StringSliceVar(&o.policyNames, "policy", []string{}, policyName)
 
 	addFingerprintFlags(cmd, o.fingerprintOptions)
 	addDryRunFlag(cmd)
@@ -105,6 +107,12 @@ func (o *assertArtifactOptions) run(out io.Writer, args []string) error {
 		params.Add("environment_name", o.envName)
 	}
 
+	if len(o.policyNames) > 0 {
+		for _, policy := range o.policyNames {
+			params.Add("policy_name", policy)
+		}
+	}
+
 	fullURL := baseURL
 	if len(params) > 0 {
 		fullURL += "?" + params.Encode()
@@ -162,7 +170,7 @@ func printAssertAsTable(raw string, out io.Writer, page int) error {
 
 		logger.Info("  %-32v %-30v %-15v %-10v %-10v", name, attType, status, isCompliant, unexpectedStr)
 	}
-	if scope == "environment" {
+	if scope == "environment" || scope == "policy" {
 		logger.Info("%-32v %-30v", "Policy-name", "status")
 		policyEvaluations := evaluationResult["policy_evaluations"].([]interface{})
 		for _, item := range policyEvaluations {

cmd/kosli/assertArtifact_test.go

@@ -16,6 +16,8 @@ type AssertArtifactCommandTestSuite struct {
 	defaultKosliArguments string
 	flowName              string
 	envName               string
+	policyName1           string
+	policyName2           string
 	artifactName          string
 	artifactPath          string
 	fingerprint           string
@@ -24,6 +26,8 @@ type AssertArtifactCommandTestSuite struct {
 func (suite *AssertArtifactCommandTestSuite) SetupTest() {
 	suite.flowName = "assert-artifact"
 	suite.envName = "assert-artifact-environment"
+	suite.policyName1 = "assert-artifact-policy-1"
+	suite.policyName2 = "assert-artifact-policy-2"
 	suite.artifactName = "arti"
 	suite.artifactPath = "testdata/folder1/hello.txt"
 	global = &GlobalOpts{
@@ -38,6 +42,8 @@ func (suite *AssertArtifactCommandTestSuite) SetupTest() {
 		artifactType: "file",
 	}
 	CreateEnv(global.Org, suite.envName, "server", suite.Suite.T())
+	CreatePolicy(global.Org, suite.policyName1, suite.Suite.T())
+	CreatePolicy(global.Org, suite.policyName2, suite.Suite.T())
 	var err error
 	suite.fingerprint, err = GetSha256Digest(suite.artifactPath, fingerprintOptions, logger)
 	require.NoError(suite.Suite.T(), err)
@@ -68,6 +74,11 @@ func (suite *AssertArtifactCommandTestSuite) TestAssertArtifactCmd() {
 			cmd:         fmt.Sprintf(`assert artifact --fingerprint %s --flow %s --environment %s %s`, suite.fingerprint, suite.flowName, suite.envName, suite.defaultKosliArguments),
 			goldenRegex: "(?s)^COMPLIANT\n.*Attestation-name.*Policy-name.*See more details at http://localhost(:8001)?/docs-cmd-test-user/flows/assert-artifact/artifacts/fcf33337634c2577a5d86fd7ecb0a25a7c1bb5d89c14fd236f546a5759252c02(?:\\?artifact_id=[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{8})?\n",
 		},
+		{
+			name:        "asserting an existing compliant artifact (using --fingerprint) for an policy results in OK and zero exit",
+			cmd:         fmt.Sprintf(`assert artifact --fingerprint %s --flow %s --policy %s %s`, suite.fingerprint, suite.flowName, suite.policyName1, suite.defaultKosliArguments),
+			goldenRegex: "(?s)^COMPLIANT\n.*Attestation-name.*Policy-name.*assert-artifact-policy-1.*See more details at http://localhost(:8001)?/docs-cmd-test-user/flows/assert-artifact/artifacts/fcf33337634c2577a5d86fd7ecb0a25a7c1bb5d89c14fd236f546a5759252c02(?:\\?artifact_id=[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{8})?\n",
+		},
 		{
 			name:        "asserting an existing compliant artifact (using --artifact-type) results in OK and zero exit",
 			cmd:         fmt.Sprintf(`assert artifact %s --artifact-type file --flow %s %s`, suite.artifactPath, suite.flowName, suite.defaultKosliArguments),
@@ -81,6 +92,16 @@ func (suite *AssertArtifactCommandTestSuite) TestAssertArtifactCmd() {
 				{"scope", "flow"},
 			},
 		},
+		{
+			name: "json output of asserting an existing compliant artifact (using --fingerprint) for an policy results in correct json",
+			cmd:  fmt.Sprintf(`assert artifact %s --output json --artifact-type file --flow %s --policy=%s --policy=%s %s`, suite.artifactPath, suite.flowName, suite.policyName1, suite.policyName2, suite.defaultKosliArguments),
+			goldenJson: []jsonCheck{
+				{"compliant", true},
+				{"scope", "policy"},
+				{"policy_evaluations", "length:2"},
+				{"policy_evaluations.[0].policy_name", suite.policyName1},
+				{"policy_evaluations.[1].policy_name", suite.policyName2}},
+		},
 		{
 			wantError: true,
 			name:      "not providing --fingerprint nor --artifact-type fails",

cmd/kosli/root.go

@@ -234,6 +234,7 @@ The ^.kosli_ignore^ will be treated as part of the artifact like any other file,
 	policyDescriptionFlag                = "[optional] policy description."
 	policyCommentFlag                    = "[optional] comment about the change made in a policy file when updating a policy."
 	policyTypeFlag                       = "[defaulted] the type of policy. One of: [env]"
+	policyName                           = "[optional] policy name (can be specified multiple times)"
 	attachPolicyEnvFlag                  = "the list of environment names to attach the policy to"
 	detachPolicyEnvFlag                  = "the list of environment names to detach the policy from"
 	sonarAPITokenFlag                    = "[required] SonarCloud/SonarQube API token."

cmd/kosli/testHelpers.go

@@ -162,6 +162,18 @@ func goldenJsonContains(t *testing.T, output string, path string, want interface
 		}
 	}
 
+	// Special case: check array length
+	if wantStr, ok := want.(string); ok && strings.HasPrefix(wantStr, "length:") {
+		lengthStr := strings.TrimPrefix(wantStr, "length:")
+		expectedLength, err := strconv.Atoi(lengthStr)
+		require.NoError(t, err, "invalid length specification: %s", wantStr)
+
+		list, ok := current.([]interface{})
+		require.True(t, ok, "expected array at path %s", path)
+		require.Equal(t, expectedLength, len(list), "unexpected array length at path %s", path)
+		return
+	}
+
 	require.Equal(t, want, current, "unexpected value at path %s", path)
 }